Tag Archive for: long

A long march: China’s military-industrial espionage

/in


This article is adapted from the authors’ new book, Battlefield Cyber: How China and Russia are Undermining our Democracy and National Security (Prometheus, August 2023, available for preorder here).

Recent revelations that Chinese state-sponsored hackers penetrated US critical infrastructure and have the ability to disrupt oil and gas pipelines, rail systems, and the US Navy’s communications in the Pacific theater should come as no surprise. China’s pursuit of digital dominance has been decades in the making.

Reveille for China’s planners was sounded in the early 1990s during the Gulf War, in which the United States and its allies effortlessly toppled Iraqi forces. The first conflict of the digital era demonstrated to Chinese strategists the critical role of information technology on and off the battlefield.

Chinese leaders watched with dismay as the American military routed and dismantled the Iraqi military in what is considered one of the most one-sided conflicts in the history of modern warfare.

Going into the first Gulf War, Iraq’s military was ranked fourth in the world – having ballooned to more than a million troops who had been trained on weapons financed by the West to fight its bloody eight-year war with Iran.

The Chinese military, although larger in headcount at the time, paled in technological comparison with the forces commanded by Saddam Hussein. At the time, China’s air force consisted of a few fighter jets, mostly of its J-7 model – an indigenously produced replica of the Russian 1960s-era MiG-21.

Iraq’s air force, by contrast, was made up of far more advanced fighters, such as the Russian MiG-29, and its planes were supported by advanced antiaircraft missile defense systems. Yet even those advanced weapon systems proved wholly ineffective against 1990s-era American technology.

“The Chinese looked at Iraq and saw an army similarly equipped as theirs with old Soviet weaponry, and they saw how quickly the Iraqis were taken apart,” says analyst Scott Henderson of the cybersecurity firm Mandiant. Henderson was with the US Army at the time, specializing in China.

“A lot of the ease of victory had to do with the…

Source…

A little effort goes a long way

/in


IN recent months, Southeast Asia has been continuously hit with cyberattacks and espionage campaigns that had caused widespread discussion.

Some noteworthy ones include Philippines’ government employee data breach of 1.2 million records, the hacking of all Thailand’s ministries websites and the infamous Bjorka hacker, with a series of high-profile hacks against the Indonesian government. These types of attacks serve as a wake-up call for us to take greater steps toward cyber resilience in order to protect our cities from similar incidents in the future.

Across the globe, cyberattacks increased 38 percent in 2022 and they show no signs of slowing. Unplanned costs associated with the outages, incident response, fines and ransomware payments are averaging over $1 million per incident. We are also seeing cyber criminals upping their games and leveraging more sophisticated attacks against cities and organizations. Now with the advent of generative AI tools like ChatGPT, it is possible for criminals without any coding knowledge or advanced English writing skills to quickly create realistic phishing emails and malware.

So what can be done? It may seem surprising, but cybersecurity is really about people, process and technology — in that order.

First, start with cyber safety tips and training for employees that make sense. Frequent cybersecurity awareness training is crucial to partially protect cities against ransomware. This training should instruct employees to do the following: Not click on malicious links; never open unexpected or untrusted attachments; avoid revealing personal or sensitive data to phishers; get approval/verify software legitimacy before downloading it; never plug an unknown USB into their computer; use a VPN when connecting via untrusted or public Wi-Fi; do not open personal emails that have not been checked by corporate protections; use unique passwords for every application and multi-factor authentication for access to confidential applications and data, and never count solely on employees to make the right decision when…

Source…

Gateway Casinos in Ontario face long road to recovery after ransomware attack, expert says

/in



Several casinos in Ontario remain closed nearly two weeks after a cyberattack, with no official reopening date.


The ransomware attack that knocked the servers out to Gateway Casinos facilities was first detected on April 16.


Technology analyst Carmi Levy said the situation is the digital equivalent of recovering from a major fire or similar disaster.


“It’s as bad as it gets. And unfortunately, the damage is going to take years to undo, even if they are able to undo it,” the London, Ont.-based digital expert said. “You don’t just flip a switch and come back on.”


On Thursday, Gateway posted online it hopes to reopen using a phased approach “later this week; however, the reopening timeline depends on the pace of restoration and approval by regulatory bodies.”


The cybersecurity incident impacted operations to 14 casinos, including Casino Rama in Orillia, Georgian Downs in Innisfil, and Playtime Casinos Wasaga Beach.


According to Levy, the recovery procedure is a “multi-faceted, multi-staged process” involving highly-trained people.


“We call these ‘business killer events’ for a reason. Many companies that are targeted successfully by ransomware never fully recover. The direct costs will be into the millions if not the tens of millions or beyond,” the tech analyst said.


While the company has said there is no evidence to believe customer’s data was breached, Levy believes it’s possible.


“There is a very strong likelihood that it has been – that it is either being bought and sold on the dark web or will be at some point in time because all of these ransomware events tend to play out in the same way. There’s no coming back from that. ,” he noted.


While Casino Rama’s gaming floor remains closed to gamblers, the Orillia facility welcomed back concertgoers Thursday night in an attempt at getting some operations back to normal.


“The concert was very well attended, and people seemed very excited to be there,” said Rob Mitchell, director of communications at Gateway Casinos and Entertainment Limited.


A Scotty McCreery concert is scheduled to go ahead on Saturday.


Still, the digital analyst believes Gateway will have a long road…

Source…

Hacker George Hotz, long a frenemy of Elon Musk, signs on for 12 weeks at Twitter • TechCrunch

/in


A lot has been made of Twitter’s shrinking workforce, which is reportedly at 2,300 people, down from the 7,500 employed by the company when new owner Elon Musk took control.

While we posited that the newest wave of departures was part of Musk’s master plan to shrink down the company, many worry about the haphazard ways it has been downsized. Insider reported on Friday, for example, that Twitter’s payroll department was decimated last week when employees who were given a stark ultimatum by Musk opted to bounce.

Still, Musk has plenty of supporters who want to help him improve Twitter, and he apparently just brought one into the fold on a short-term basis: George Hotz, the security hacker known for developing iOS jailbreaks and reverse engineering the PlayStation 3 before later founding Comma.ai, whose driver assistance system startup aims to bring Tesla Autopilot–like functionality to other cars.

Hotz definitely falls into the category of people-who-wouldn’t-be-on-your-remake-of-Twitter bingo board. Hotz founded Comma.ai after getting into a fight with Musk after Musk allegedly tried to hire him at Tesla but “kept changing the terms,” as Hotz told Bloomberg in 2015. At the time, Tesla said Hotz’s bold claims that his tech could beat that of Autopilot was “extremely unlikely.” Hotz promptly set out to prove Musk and the rest of Tesla wrong.

So why team up now? For one thing, Hotz has a little extra time on his hands. As TechCrunch reported early this month, Hotz considers that some of his own work at Comma.ai is done for the moment. It currently sells a $1,999 driver assistance system developer kit that is compatible on more than 200 vehicles; the company is also on solid ground as it looks to turn its devkit into a productized consumer product, he told TechCrunch.

The momentum gives him a little space to explore. “I’m good at things when it’s wartime,” Hotz told TechCrunch for that story. “I’m not so good at hands-on, ok, let’s patiently scale this up. ‘Do you want to deal with a supply chain that’s capable of making 100,000 devices a year?’ Like, not really.”

Hotz, now 33, may also want to again prove his mettle to Musk. Indeed, last…

Source…